On 31 May 2018, the European Commission issued two proposals for a Regulation of the European Parliament and the Council amending Council Regulation (EC) No 1206/2001 of 28 May 2001 on cooperation between the courts of the Member States in the taking of evidence in civil or commercial matters (1), on the one hand and a Regulation amending Regulation (EC) No 1393/2007 of the European Parliament and of the Council of 13 November 2001on the service in the Member States of judicial and extrajudicial documents in civil or commercial matters (2), on the other hand. The proposals mainly aim at improving the smooth functioning of judicial cooperation in these areas, by, inter alia, providing for transmission of documents and taking of evidence requests through a decentralised IT system.

The EDPS acknowledges that exchanges of personal data are necessary elements of the creation of an area of Freedom, Security and Justice. Therefore he welcomes the overall objectives of the proposals to improve the efficiency of judicial cooperation in civil or commercial matters in relation to the taking of evidence and the service of documents, in particular through digitalisation and the use of IT technology. He shares the view that the proposed legislation could have a real impact on the everyday lives of EU citizens.

This Opinion makes three main recommendations in order to constructively assist the legislators in achieving this very important objective while ensuring compliance with the Charter and the GDPR:

—

providing a clear legal basis for the IT system which would be used for the transmission of documents, requests and communications for the purposes of these Regulations. In particular, in case the IT system would entail the involvement of an EU institution, body, agency or office, this legal basis should in principle be provided in an EU legislative act. Also, even in case the processing of personal data would take place in the framework of an existing IT system, the EDPS recommends providing for the use of such system in the legislative act itself. However, the existing system envisaged to be used should itself be duly established on the basis of a legal act adopted at EU level, which is currently not the case of e-CODEX. Should the EU legislator choose the e-CODEX solution, the lack of a legal instrument at EU level establishing and regulating the system should be remedied without delay,

—

including in the legislative acts themselves a high level description of the IT system aspects, such as data protection responsibilities or relevant applicable safeguards, to be further defined in implementing acts. In particular, to the extent the Commission or another EU institution, body, agency or office would be implicated in the operation of the new system, the legal act should ideally define its responsibilities as a (joint) controller or a processor,

—	conducting an impact assessment on data protection when preparing the implementing acts.

Further detailed recommendations are provided by the EDPS in this Opinion.

The EDPS remains at the disposal of the institutions for further advice during the legislative process and at the implementing phase of the Regulations once adopted.

1.   Introduction and background

1.

On 31 May 2018, the Commission adopted two proposals (3) for a Regulation of the European Parliament and the Council that would amend: — Council Regulation (EC) No 1206/2001 of 28 May 2001 on cooperation between the courts of the Member States in the taking of evidence in civil or commercial matters (hereinafter the ‘taking of evidence Regulation’), — Regulation (EC) No 1393/2007 of the European Parliament and of the Council on the service in the Member States of judicial and extrajudicial documents in civil or commercial matters (hereinafter the ‘service of documents Regulation’).

2.

The taking of evidence Regulation, which has applied since 2004, provides for two ways of taking of evidence between Member States: taking of evidence through the requested court and the direct taking of evidence by the requesting court.

3.

The service of documents Regulation, which has applied since 2008, provides for different ways of transmitting documents from one Member State to another, for purposes of service in the latter, through transmitting and receiving agencies or through transmission by consular or diplomatic channels. It also sets uniform legal conditions for serving a document by post directly across borders and provides for a direct service through the competent person of the Member State addressed where permitted under the law of that Member State. It includes certain minimum standards on the protection of the rights of defence. The application of the Regulation ‘is not restricted to proceedings before civil tribunals, because its scope covers also ‘extrajudicial’ documents, the service of which may arise in various out-of-court proceedings (e.g. in succession cases before a public notary, or in family law cases before a public authority), or even in the absence of any underlying judicial proceedings’ (4).

4.

The proposals are included in the Commission’s 2018 work programme under REFIT initiatives in the area of justice and fundamental rights based on mutual trust (5). The proposals are accompanied by an impact assessment (6).

5.

Both proposals provide for the transmission of documents, requests and communications through a mandatory decentralised IT system composed of national IT systems interconnected by a communication infrastructure enabling the secure and reliable cross-border exchange of information between the national IT systems. They also provide for the application of Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (7).

6.

On 13 February 2019, the European Parliament adopted its legislative resolutions on both proposals at first reading (8), inter alia agreeing on the establishment of a decentralised IT system, providing that such system be based on e-CODEX and that the implementation of such system be ensured via delegated acts.

7.

On 6 June 2019, a policy debate took place in Council. The presidency concluded that ‘the Council confirmed the need to modernise our processes when it comes to judicial cooperation in civil and commercial matters. The presidency noted the preference expressed for a decentralised and secured IT system. It added that ministers could accept mandatory use of the system only with certain conditions, including a longer transition period and with a backendreference system to be provided by the Commission. A list of necessary exceptions will also have to be considered. Finally, the presidency noted that e-CODEX could be the software solution to be used for that purpose. Further work will have to be conducted at technical level’ (9).

8.

On 23 April 2019, the Commission has submitted a request for consultation to the European Data Protection Supervisor (hereinafter the ‘EDPS’) in order to assess the conformity of both proposals with the General Data Protection Regulation (hereinafter the ‘GDPR’). The EDPS welcomes the consultation by the Commission.

3.   Conclusions

24.

The EDPS welcomes the overall objectives of the proposals to improve the efficiency of judicial cooperation, in particular through digitalisation and the use of IT technology, in relation to the taking of evidence and the service of documents in civil or commercial matters. Therefore, this Opinion aims at providing constructive and objective advice to the EU institutions.

25.

The EDPS welcomes the identification of a high-level architecture of the system in the legislative act itself and the obligation of a reliable exchange of information as well as the need to use trust services as defined in Regulation (EU) No 910/2014.

26.

There are three major recommendations the EDPS makes to ensure compliance with the Charter and the GDPR: — providing a clear legal basis for the IT system which would be used for the transmission of documents, requests and communications for the purposes of these Regulations. In particular, in case the IT system would entail the involvement of an EU institution, body, agency or office, this legal basis should in principle be provided in an EU legislative act. Also, even in case the processing of personal data would take place in the framework of an existing IT system, the EDPS recommends providing for the use of such system in the legislative act itself. However, the existing system envisaged to be used should itself be duly established on the basis of a legal act adopted at EU level, which is currently not the case of e-CODEX. Should the EU legislator choose the e-CODEX solution, the lack of a legal instrument at EU level establishing and regulating the system should be remedied without delay, — including in the legislative acts themselves a high level description of the IT system aspects, such as data protection responsibilities or relevant applicable safeguards, to be further defined in implementing acts. In particular, to the extent the Commission or another EU institution, body, agency or office would be implicated in the operation of the system, the legal act should ideally define its responsibilities as a (joint) controller or a processor, — conducting an impact assessment on data protection when preparing the implementing acts.

27.

The EDPS also recommends: — providing in both legislative acts for an implementing act to further detail the IT system and that the implementing acts cover the new provisions on electronic service and on direct taking of evidence by videoconference so as to include specific safeguards also on these processing operations, — in case of joint controllership, defining in the implementing acts the relationship among joint controllers and the content of the mandatory arrangements among them, — specifying in the implementing acts safeguards ensuring an access to a limited number of authorised users, — defining in further detail as far as possible the statistical elements to be collected in the implementing acts.

28.

Finally, the EDPS remains at the disposal of the Commission, the Council and the European Parliament to provide advice at further stages of this process. The recommendations made in this Opinion are without prejudice to any additional comments that the EDPS could make as further issues may arise. He recalls that, in accordance with Article 42(1) of Regulation (EU) 2018/1725, the Commission has the obligation to consult the EDPS when preparing implementing or delegated acts having an impact on the protection of individual’s rights and freedoms with regard to the processing of personal data. The EDPS expects therefore to be consulted later on the provisions of the draft implementing or delegated acts in this respect.

---

(1)   OJ L 174, 27.6.2001, p. 1.

(2)   OJ L 324, 10.12.2007, p. 79.

(3)  Proposal COM(2018)378 final (hereinafter the ‘taking of evidence proposal’) and proposal COM (2018)379 final (hereinafter the ‘service of documents proposal’).

(4)  Explanatory memorandum, p. 2.

(5)  Commission work programme 2018: an agenda for a more united, stronger and more democratic Europe (COM(2017) 650 final, 24.10.2017), Annex II, points 10 and 11.

(6)  Commission Staff working documents SWD(2018) 285 and SWD(2018) 287.

(7)  Explanatory memorandum of the taking of evidence proposal, p. 3 and of the service of documents proposal, p. 4: ‘[w]hile in principle nothing prevents Member States from digitalising the way they communicate, past experience and projections of what will happen without EU action show that progress would be very slow and that, even where Member States take action, interoperability cannot be ensured without a framework under EU law. The objective of the proposal cannot be sufficiently achieved by the Member States themselves and can be achieved only at Union level’.

(8)  P8_TA(2019)0103 and P8_TA(2019)0104.

(9)  Outcome of the Council meeting (9970/19), p. 7, provisional version available at: https://www.consilium.europa.eu/media/39709/st09970-en19.pdf

According to the Presidency Paper (9566/19), par. 8 and 13, ‘in the Commission Impact Assessments accompanying both proposals, e-CODEX is considered the most suitable and only readily available IT system. The development of another decentralised system would mean that the same challenges already addressed in the context of the development of the e-CODEX would be addressed once again’. ‘One of the existing solutions is e-CODEX, a system developed with EU financial support by a consortium of Member States over a period of almost 10 years. E-CODEX is currently used for the following: Business Registers Interconnection System (BRIS); the interconnection of national insolvency registers; the e-Evidence Digital Exchange System. However, insofar as use cases based on voluntary cooperation are concerned, e-CODEX is not yet implemented and used by all the Member States. In this context, during the discussions in the Working Party, for the Member States where there are currently no IT systems that support electronic procedures, the Commission could consider the development of a reference implementation solution for a back-end system at national level, provided that there is sufficiently strong and broad delegations’ support for mandatory electronic communication. All systems would have to be technically interoperable and compliant with the same set of technical specifications (protocols, standards, XML schemas and workflows).’